Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups.
ROFL i have been allied with satan for years and am damned proud of it.
Hi, On Thu, Apr 18, 2019 at 07:33:19PM -0700, Fi Shing wrote:
<html><body><span style="font-family:Verdana; color:#000; font-size:12pt;"><div><br></div><div style="">What absolute crap. Why is that every time something resembling common sense enters this group, there are these people who insist on using slippery slop fallacy?</div><div style=""><span mce_style="font-size: 12pt;" style=""><br style=""></span></div><div style=""><span mce_style="font-size: 12pt;" style=""><a target="_blank" href="https://en.wikipedia.org/wiki/Slippery_slope" style="">https://en.wikipedia.org/wiki/Slippery_slope</a></span></div><div style=""><span mce_style="font-size: 12pt;" style=""><br style=""></span></div><div style=""><span mce_style="font-size: 12pt;" style="">It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups. I cannot think of any reason, other than a criminal one, why someone would object to common sense policy that leads to a reduction in abuse.</span></div><div style=""><span mce_style="font-size: 12pt;" style=""><br style=""></span></div><div style=""><span mce_style="font-size: 12pt;" style="">(Usually, there is one other motivation (financial) but not in this proposal).</span></div><div style=""><span mce_style="font-size: 12pt;" style=""><br style=""></span></div>
HTML-mails, top posted, on a mailing list that has a different mail style. Very impolite and unconsiderate. But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Fri, 19 Apr 2019 09:51:56 +0200 Gert Doering <gert@space.net> wrote:
On Thu, Apr 18, 2019 at 07:33:19PM -0700, Fi Shing wrote:
<html><body><span style="font-family:Verdana; color:#000; font-size:12pt;"><div><br></div><div style="">What absolute crap. Why is that every time something resembling common sense enters this group, there are these people who insist on using slippery slop fallacy?</div><div style=""><span mce_style="font-size: 12pt;" style=""><br style=""></span></div><div style=""><span mce_style="font-size: 12pt;" style=""><a target="_blank" <snip snip>
HTML-mails, top posted, on a mailing list that has a different mail style. Very impolite and unconsiderate.
+1, but anyway...
But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go.
so you are taking it upon yourself to attach your own opinion by commenting on how you interpret the point(s) Randy is making? how rude and presumptuous of yourself. it seems many people (including myself) are rude, obnoxious, not tolerant as well as very impolite and "unconsiderate" Anyway, to add my own interpretation, seeing as this is what we are now reduced to, I am understanding that Randy is pointing out that when 2019-03 moves forward, this is common sense and not a "slippery slope" *sigh* - this is one of the most commented on and longest suffering thread(s) ever. It seems there are vested interests in ensuring that RIPE does not exercise any administrative (or limited) authority and only acts as a 'sort of' loose record or some sort of index of who may possibly or potentially be assigned which public resources... I just wish to add the one thing that I have not yet seen in the thread(s): I would propose that should RIR not act with administrative authority we can expect world governments to legislate as chaos is not in the best interests of civil society. Andre
so you are taking it upon yourself to attach your own opinion by commenting on how you interpret the point(s) Randy is making?
how rude and presumptuous of yourself.
QED? i wish folk would not resort to ad homina
it seems many people (including myself) are rude, obnoxious, not tolerant as well as very impolite and "unconsiderate"
Anyway, to add my own interpretation, seeing as this is what we are now reduced to, I am understanding that Randy is pointing out that when 2019-03 moves forward, this is common sense and not a "slippery slope"
no. gert was correct. but you are correct in the sense that it is not a slippery slope. it is the bottom of the slope. the slope started with insufficient diligence in registration services when dealing with some quite abusive actors. next, in the process of cleaning it up, american style lawyers created the overreaching ripe-716 to formalize a weapon to punish miscreants. now folk in this wg wave the weapon around to punish others who might be miscreants of a different sort. a martin niemöller quote comes to mind. as does "the only winning move is not to play." randy, who thinks this is a sad day for the ripe community
very well said Randy, +1 On Fri, 19 Apr 2019 at 11:33, Randy Bush <randy@psg.com> wrote:
so you are taking it upon yourself to attach your own opinion by commenting on how you interpret the point(s) Randy is making?
how rude and presumptuous of yourself.
QED? i wish folk would not resort to ad homina
it seems many people (including myself) are rude, obnoxious, not tolerant as well as very impolite and "unconsiderate"
Anyway, to add my own interpretation, seeing as this is what we are now reduced to, I am understanding that Randy is pointing out that when 2019-03 moves forward, this is common sense and not a "slippery slope"
no. gert was correct. but you are correct in the sense that it is not a slippery slope. it is the bottom of the slope.
the slope started with insufficient diligence in registration services when dealing with some quite abusive actors. next, in the process of cleaning it up, american style lawyers created the overreaching ripe-716 to formalize a weapon to punish miscreants. now folk in this wg wave the weapon around to punish others who might be miscreants of a different sort.
a martin niemöller quote comes to mind.
as does "the only winning move is not to play."
randy, who thinks this is a sad day for the ripe community
-- -- Kind regards. Lu
On Fri, 19 Apr 2019, Gert Doering wrote:
Hi,
(...)
But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go.
Hi, 72 countries/economies in the service region (and in reality, the world), so i suspect "common sense" might turn out to be a tricky concept... :-) But in fact, i think most Internet users would say it's common sense to have a rule saying that company A using resources held by company B (intentionally and persistently) is not tolerable. About effectiveness in reducing abuse: We don't have any data, we would need to have the rule in place first... :-) Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...? Regards, Carlos
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
For those saying "Dutch court" etc please do be careful what you're asking for. Experience in two decades of anti abuse work says that if a particular form of abuse is allowed and even waved away so there's an enforcement gap, and that form of abuse is used to successfully attack something important and news making (lets say the European parliament or the defence forces of an EU country). Plausible - people can hijack address space belonging to most anybody. It would be an interesting sight to see the chairman and exec board of ripe summoned before a parliament or court to explain the situation. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Friday, April 19, 2019 7:33 PM To: Gert Doering Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) On Fri, 19 Apr 2019, Gert Doering wrote:
Hi,
(...)
But anyway: the point that Randy is making that this policy is neither common sense, nor effective in reducing abuse. So it's not the way to go.
Hi, 72 countries/economies in the service region (and in reality, the world), so i suspect "common sense" might turn out to be a tricky concept... :-) But in fact, i think most Internet users would say it's common sense to have a rule saying that company A using resources held by company B (intentionally and persistently) is not tolerable. About effectiveness in reducing abuse: We don't have any data, we would need to have the rule in place first... :-) Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...? Regards, Carlos
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi, On Fri, Apr 19, 2019 at 02:18:25PM +0000, Suresh Ramasubramanian wrote:
It would be an interesting sight to see the chairman and exec board of ripe summoned before a parliament or court to explain the situation.
You love to summon up dire legal consequences for the RIPE NCC if this policy isn't coming into place. Over here in Europe, we're not used to just sueing anyone for anything we do not like and actually having chance in succeeding with it. Unless the RIPE NCC is actually *tasked* with "ensuring routing correctness" (which it isn't) whether or not someone configures their router correctly cannot construct a liability for the NCC. Now, if the NCC neglects to secure their *registry*, and people can use this neglect to attack others, this might be a valid case to bring forward... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Fri, 19 Apr 2019, Gert Doering wrote:
Hi,
On Fri, Apr 19, 2019 at 02:18:25PM +0000, Suresh Ramasubramanian wrote:
It would be an interesting sight to see the chairman and exec board of ripe summoned before a parliament or court to explain the situation.
You love to summon up dire legal consequences for the RIPE NCC if this policy isn't coming into place.
Over here in Europe, we're not used to just sueing anyone for anything we do not like and actually having chance in succeeding with it. Unless the RIPE NCC is actually *tasked* with "ensuring routing correctness"
Hi, RIPE NCC isn't tasked with that, i agree. It is also not tasked in ensuring that party A is just using their own numbering resources. But 2019-03 also doesn't mandate that the RIPE NCC should start verifying that randomly. It just opens the door for someone to report a (suspected) resource hijack, and if a large set of circumstances are aligned, it may open the door to a membership status review -- which won't even happen at the first time... according to the current set of policies.
(which it isn't) whether or not someone configures their router correctly cannot construct a liability for the NCC.
Maybe it can be a liability if the party responsible for the numbering resources administration does nothing and let's the hijacks run free... Some years ago i had an issue with another RIR about one of its members adding *our address* to one of their netblocks. That registry (whois) entry was clearly forged (the network wasn't and never was running at our address) and it took months to have this corrected with the people who forged the entry and the RIR in question didn't really help. If we had financial losses due to this incorrect entry, wouldn't it be normal to sue also the RIR for not aiding in solving this "address hijack" that hit the registry database???
Now, if the NCC neglects to secure their *registry*, and people can use this neglect to attack others, this might be a valid case to bring forward...
Big Kudos to those who have worked hard to try to close this gap lately (also through policy proposals) -- you know who you are... :-)) Regards, Carlos
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...?
No. In principle, the proposal is completely broken, antithetical to the RIPE NCC's obligations of being an address registry and Randy was right to point out that it is a proposal for a kangaroo court. We don't need to make the mistake of testing it out to make sure. It will not have any material impact on hijacking; there are better ways of handling hijacking and the proposal will have a wide variety of serious but unintended side effects, some of which have been raised on this mailing list. And it's unimplementable - the board of the RIPE NCC would have a fiduciary duty to refuse to implement it. Nick
They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe spammers set up as eastern european LIRs not too long back They would now as well if such duty wasn't abdicated each time The duty doesn't magically go away of course even if it is abdicated and denied --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Nick Hilliard <nick@foobar.org> Sent: Friday, April 19, 2019 8:16 PM To: Carlos Friaças Cc: Gert Doering; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...?
No. In principle, the proposal is completely broken, antithetical to the RIPE NCC's obligations of being an address registry and Randy was right to point out that it is a proposal for a kangaroo court. We don't need to make the mistake of testing it out to make sure. It will not have any material impact on hijacking; there are better ways of handling hijacking and the proposal will have a wide variety of serious but unintended side effects, some of which have been raised on this mailing list. And it's unimplementable - the board of the RIPE NCC would have a fiduciary duty to refuse to implement it. Nick
They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe spammers set up as eastern european LIRs not too long back
as i intended by my reference to martin niemöller, i suspect that's who the net police/vigilantes will come for next. and then ... and then ... it is incremental, each justifies the next. the problem with making weapons is that they will be abused. a good piece on this the other day in the wapo, https://www.washingtonpost.com/opinions/technology-can-be-put-to-good-use--o... there are other means to deal with the hijacking problem without becoming police, judge, jury, and prison all rolled into one. push the technical approaches. use legal resources, the rule of law, before trump erodes it entirely. i hope we are above becoming a lynch mob. randy
On Fri, 19 Apr 2019, Nick Hilliard wrote:
Carlos Friaças via anti-abuse-wg wrote on 19/04/2019 15:03:
Would you find reasonable to have the rule/policy in place say for 2 or 3 years, and then evaluate its impact/efectiveness...?
No. In principle, the proposal is completely broken, antithetical to the RIPE NCC's obligations of being an address registry and Randy was right to point out that it is a proposal for a kangaroo court. We don't need to make the mistake of testing it out to make sure.
Hi, This question was just to express that noone really knows if the impact on abuse will be significant, minimal or none (but it seems there are people trying to state something without real data to back it up). I would also like to read Gert's opinion on this.
It will not have any material impact on hijacking;
Oh, so you do have the data...?
there are better ways of handling hijacking
Such as...?
and the proposal will have a wide variety of serious but unintended side effects, some of which have been raised on this mailing list.
Do you care to list them, so we can work on their mitigation? (i mean, those who have been raised in a disperse way in this list and those who haven't been raised yet)
And it's unimplementable - the board of the RIPE NCC would have a fiduciary duty to refuse to implement it.
Because you say so. What i've heard from the Board so far on the list -- and the Board currently has seven members -- was a concern expressed by Piotr about timelines, which i think we have addressed in v2.0's text (which i also hope to see published soon). Best Regards, Carlos
Nick
On Fri, Apr 19, 2019 at 11:02:23PM +0100, Carlos Friaças via anti-abuse-wg wrote:
What i've heard from the Board so far on the list -- and the Board currently has seven members -- was a concern expressed by Piotr about timelines, which i think we have addressed in v2.0's text (which i also hope to see published soon).
Just to be clear - that was my private concern and not the Board. Piotr -- Piotr Strzyżewski Silesian University of Technology, Computer Centre Gliwice, Poland
On Thu, 18 Apr 2019, Fi Shing wrote:
What absolute crap. Why is that every time something resembling common sense enters this group, there are these people who insist on using slippery slop fallacy?
https://en.wikipedia.org/wiki/Slippery_slope
It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups. I cannot think of any reason, other than a criminal one, why someone would object to common sense policy that leads to a reduction in abuse.
(Usually, there is one other motivation (financial) but not in this proposal).
Hi, Please let me tell you that you are absolutely wrong about Randy Bush. I co-authored another policy proposal together with Randy (and also some other people who have already objected to 2019-03) some years ago. Randy's contribution is always appreciated and (at least) i feel very lucky when he shows up at RIPE meetings, and i happen to be there too. I hope this will destroy any doubt you may have about Randy: https://www.internethalloffame.org/inductees/randy-bush Let me also say that i think that energy into improving/deploying routing security (RPKI, MANRS, ...) should in any way be reduced just because of what 2019-03 proposes. Randy's position is obviously not irrelevant for me, as other person who frequently brings as much value to the RIPE community as Randy does, already told me (in private), in even a less positive way. Regards, Carlos
-------- Original Message -------- Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation) From: Randy Bush <randy@psg.com> Date: Fri, April 19, 2019 1:55 am To: anti-abuse-wg@ripe.net
< rant >
this is insane. neither ripe nor the ncc should be the net police, courts, and prison rolled into one kangaroo court.
it is droll that the erstwhile anti-abuse working group becomes a self-righteous abuser. so it is with so many abused children.
put your energy into routing security not converting ripe and the ncc into an authoritarian state. we have enough of those.
randy
participants (9)
-
ac -
Carlos Friaças -
Fi Shing -
Gert Doering -
Lu Heng -
Nick Hilliard -
Piotr Strzyzewski -
Randy Bush -
Suresh Ramasubramanian